Clik here to view.
'Hardening' Windows
fiwayan173: one more setting: If you donot have DMA protection, turn on this. always use hibernate instead of sleep because it activates Bitlocker. Device in sleep or awake status is not protected by...
View ArticleClik here to view.
'Hardening' Windows
fiwayan173: turn Secure boot on and disable third party Microsoft UEFI CA which is for Linux. turn virtulization related settings on. turn Thunderbolt related security settings to the highest level....
View ArticleClik here to view.
'Hardening' Windows
Sprout3425: all the settings I can see have an ‘Ok’ status. Hm, that’s quite surprising since a few settings clearly say that MDM is a requirement and on my device Edge marked these settings with an...
View ArticleClik here to view.
'Hardening' Windows
fiwayan173: Secure Launch aka system guard secure launch aka firmware protection. smm protection is included in secure launch. this requires a Intel vPro CPU. If your device is compatiable, turn it...
View Article'Hardening' Windows
I have signed in with my University account of Microsoft 365 services before, and Edge I think. How is the term Mobile-Device-Management-Solutions relevant to me, someone who is using a laptop? Read...
View ArticleClik here to view.
'Hardening' Windows
fiwayan173: Sprout3425: Windows Security > App browser & control > Exploit protection settings > Programme settings There is a baseline file for this. it’s in...
View ArticleClik here to view.
'Hardening' Windows
Sprout3425: Pretty sure I have DMA protection, right? Yes according to your msinfo. Sprout3425: Status for firmware protections is Off. Your device are not compatible with it. Sprout3425: I could not...
View ArticleClik here to view.
'Hardening' Windows
Thanks so much @fiwayan173, you have provided some immensely helpful links. Keep in mind that I have applied the Windows 11 v23H2 Security Baseline, the Microsoft 365 Apps for Enterprise 2306 baseline...
View ArticleClik here to view.
'Hardening' Windows
Sprout3425: requesting a brief run down on how to apply your recommendations Most of the ASR rules are already implemented by the security baselines. Sprout3425: Unfortunately, Microsoft’s...
View ArticleClik here to view.
'Hardening' Windows
GitHub GitHub - starchturrets/windows-shenanigans: Just my notes on how to Just my notes on how to . Contribute to starchturrets/windows-shenanigans development by creating an account on GitHub. Read...
View ArticleClik here to view.
'Hardening' Windows
sha123: Is there any advantage in selecting Secure Boot and DMA protection that I overlooked? no Sprout3425: You mention the Attack surface reduction rules reference In group Policy editor, open...
View Article'Hardening' Windows
Before properly reading this I can say: thanks you are a saint, this seems to be the level of detail I was looking for. Read full topic
View Article'Hardening' Windows
There are a few final settings to note. they are not in the baseline and not mentioned before. 1 Recently Microsoft Edge decides some policies are not applicable if you are logging in Edge using a...
View Article'Hardening' Windows
Hmm, I need to log in to Excel, Word and PowerPoint to get licenses for them I think. May be wrong Read full topic
View Article'Hardening' Windows
Not sure which ones to disable, pretty sure connected experiences are essential for me as a uni student, but not 100% sure what they do. I did read their descriptions Allow the use of connected...
View Article'Hardening' Windows
Thanks so much though, all of this went pretty smoothly! Read full topic
View ArticleClik here to view.
'Hardening' Windows
Final solution Disclaimer: I have no knowledge in this field, therefore, I have certainly missed steps, or done steps incorrectly, so please feel free to correct me. Furthermore, make sure you...
View ArticleClik here to view.
'Hardening' Windows
sha123: The two main conflicting settings, were the defender settings I wrote What are these specifically, I can’t find what you are referring to? Read full topic
View Article'Hardening' Windows
One of my last questions goes unaddressed: Regarding the Windows Restricted Traffic Limited Functionality Baseline, @fiwayan173 you recommend applying the 24. Microsoft Defender Antivirus, 29. Windows...
View Article'Hardening' Windows
Yay, you did it! Nice write-up. Haven’t looked into it in detail, but looks good on first sight. Two important points to edit into your comment: Some settings in the security baselines are privacy...
View Article